You are required to assess the information security situation in the selected organization and prepare a security plan that includes recommendations for improvements. Assume that you are the recently appointed head of the security team responsible for protecting the information holdings of a selected organization. The security team is responsible for overseeing the security of information from deliberate and accidental threats. Management has directed you to undertake some security analysis and planning to improve the organization's information security.
You must address at least the following in the report.
1. Identify and describe the main categories of information assets that may be at risk and have to be protected.
2. Appraise the actual and potential threats and vulnerabilities of the organization's information assets.
3. Conduct quick, high-level risk assessments (Business Impact Analysis) for all information systems, determining whether these are 'critical' from the perspective of Confidentiality, Integrity or Availability.
4. Develop a security plan that describes counter-measures that will manage the threats that put the organization's information assets at risk from a risk management perspective.
5. Draft an information security policy according to ISO 27001/27002 that should reflect the findings of the risk analysis.
6. Develop a comprehensive information security education and awareness programme for use by management, staff and contractors for the selected organization.
7. Make recommendations to improve the information security situation of the organization.
8. Prepare a presentation in the form of PowerPoint slides.